mydoom | 7ff2c3acbb884ead411c8b9f0df5b0ca5038333bdf872cb37d5e7eec4ac96b6f

Sharing

General

Target

The-MALWARE-Repo-master.zip
Size

63.3MB
Sample

250118-slapaswncz
MD5

59cb533617e10ca74e8735ff41e5b823
SHA1

644468d5d6d8fab98268e219e8f2ce518b655ff4
SHA256

7ff2c3acbb884ead411c8b9f0df5b0ca5038333bdf872cb37d5e7eec4ac96b6f
SHA512

9b7e28bde79886ff479110b43380e73c4d1a95c547947abbb1825ed4f5078d3060a4390bf1dcead1d593abe0c0167c396e0aa47b3231eb577737c8c93efbe50b
SSDEEP

1572864:1bR+Nd33aius1Ckqujkhpgz2L9HBlHYSZ95hPfqL55r/XKAM:1ANl3aFs1C4SA2hlHf9Rfi5xjM

Score

10^/10

Malware Config

Targets

- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
- Size
  
  8.7MB
- MD5
  
  799c965e0a5a132ec2263d5fea0b0e1c
- SHA1
  
  a15c5a706122fabdef1989c893c72c6530fedcb4
- SHA256
  
  001eb377f0452060012124cb214f658754c7488ccb82e23ec56b2f45a636c859
- SHA512
  
  6c481a855ee6f81dd388c8a4623e519bfbb9f496dada93672360f0a7476fb2b32fd261324156fd4729cef3cbe13f0a8b5862fe47b6db1860d0d67a77283b5ad8
- SSDEEP
  
  98304:VqGMOLT5E2Dy8Ji6LrDl3bTMsEplZ1GW5w+Aw:wGMOLTmaHjLXl3bTMsEpf1x5
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral1
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
- Size
  
  8.7MB
- MD5
  
  76fe4fdd628218f630ba50f91ceba852
- SHA1
  
  6e90f2fe619597115e5b8dd8b0d1fb0c8ad33fa4
- SHA256
  
  041bc20ca8ac3161098cbc976e67e3c0f1b672ad36ecbe22fd21cbd53bcaa742
- SHA512
  
  7956505ae0d8479a92ddf97bb09a757566ef526934ee06b4273f0fc450e4da9204808ffa4f4674f4e6e313eb718a7c65f258ef8d23b9769b8aa12d47610d8011
- SSDEEP
  
  98304:f27or8Dynb9c4EHv9/fW/NQXPvTCaedHuaJE3fSdCnKg27Xk:f27or8DyO4UnwQfvTCXdHua4No
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral2
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
- Size
  
  8.7MB
- MD5
  
  0263de27fd997a4904ee4a92f91ac733
- SHA1
  
  da090fd76b2d92320cf7e55666bb5bd8f50796c9
- SHA256
  
  0ab8836efcaa62c7daac314e0b7ab1679319b2901578fd9e95ec3476b4c1a732
- SHA512
  
  09ef02532eb7c3a968c1d04bf1f3aa9a4bf400f8485d3be596d7db3aed5f705fc1f85a1f6218397a70830ad747aa03c61b9c5b1cca24c2620cdbb3e5361db194
- SSDEEP
  
  98304:bKwGam/zeDrZCDcryHlc5Qp+FLk0h6u9SrS2D8t7Xk:bKwGam/z4C3FKQ8FLTh6u9S4
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral3
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
- Size
  
  8.6MB
- MD5
  
  ae747bc7fff9bc23f06635ef60ea0e8d
- SHA1
  
  64315e834f67905ed4e47f36155362a78ac23462
- SHA256
  
  103b8404dc64c9a44511675981a09fd01395ee837452d114f1350c295357c046
- SHA512
  
  e24914a58565a43883c27ae4a41061e8edd3d5eef7b86c1c0e9910d9fbe0eef3e78ed49136ac0c9378311e99901b1847bcfd926aa9a3ea44149a7478480f82b2
- SSDEEP
  
  98304:rDSceJ/GqDu6P0ypQ0Qv5knSTH20ejwBcHjI7Xk:rDSceJ/GqD18RZv5knS720e7s
Score

8^/10

antivm credential_access defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuse sudo or cached sudo credentials to execute code.
  privilege_escalation defense_evasion
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral4
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
- Size
  
  8.7MB
- MD5
  
  3a371a09bfcba3d545465339f1e1d481
- SHA1
  
  7f5712878929aab6a2ab297072a5a5f3d3c15a01
- SHA256
  
  2378e76aba1ad6e0c937fb39989217bf0de616fdad4726c0f4233bf5414cde86
- SHA512
  
  35efc5129316ea697f1f4591c37e70c74b643942cdb3cb1aac6a0f14f5d133da39c0c393439490bc059361e9feeacee3d4056f88700f56dfe1088ba0ab22613b
- SSDEEP
  
  98304:f/VrKprvLVtb8E0dD71puy219CZ2gT3/3Khbw+Aw:3VrKpjROndH1puy219CZBShb
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral5
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
- Size
  
  8.6MB
- MD5
  
  819b0fdb2b9c8a440b734a7b72522f12
- SHA1
  
  f3aff7e1c44d21508eb60797211570c84a53597a
- SHA256
  
  30c150419000d27dafcd5d00702411b2b23b0f5d7e4d0cc729a7d63b2e460a01
- SHA512
  
  fee2c0dbbc91e2486e409e8b6a877c6ec500e6c7c0491d4c44d37006c30de79b95dd4640c7c8c8efcc920abccbdb659a590fde1e2526126279b7486778d08b5a
- SSDEEP
  
  98304:zhPTaS9ki2kJxOU/ci9Z6uHFg3+QIEvRihdF7Xk:dPTaS9kitnEi9Z6uHq3+XE8z
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral6
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
- Size
  
  8.7MB
- MD5
  
  8f0cb7af15afe40ed85f35e1b40b8f38
- SHA1
  
  525f97d6e7e3cbb611a1cf37e955c0656f4b3c06
- SHA256
  
  3205603282a636979a55aa1e1be518cd3adcbbe491745d996ceb4b5a4dece0c5
- SHA512
  
  bd9e97b4042d89e081eced5781149b0d8e28a6e9d35c2a449a21aee26765ed8eea560434ba5e9a897c4e4c89d7a2b8997e31ad4ac2202a940b8731a5f447170d
- SSDEEP
  
  98304:xFjhn+LznCFajBKs/Q1N4KGWISZOLor5lkFIGGw+Aw:Hjhn+HCS4s41N4KGWISZd5lrGG
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral7
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
- Size
  
  8.7MB
- MD5
  
  682ac123d740321e6ba04d82e8cc4ed8
- SHA1
  
  088a8c8c2b7f9db92ec0ae39e1dc77c8707d3895
- SHA256
  
  453468b86856665f2cc0e0e71668c0b6aac8b14326c623995ba5963f22257619
- SHA512
  
  26ddc0a1b91337de2314465f82f3a02ec478f32708fa91b7cdf75fc235eda7b3cf7c495616145dc29fc081ac4398cab5aac0d42978ea694fa183518533fcf4ad
- SSDEEP
  
  98304:i7ihKiuH4QpmHh/vN0SyDbQy5lZGJJRgOX5f4y+n47Xk:i7ihKiuH4QIha1PQaZGTRgOXxR
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral8
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
- Size
  
  8.7MB
- MD5
  
  97cfb3c26a12e13792f7d1741309d767
- SHA1
  
  a010f85cdda9f83cbc738eb1b41cd621f3d6018e
- SHA256
  
  5fb29fb0136978b9ccf60750af09cec74a257a0ca9c47159ca74dbba21fbcc59
- SHA512
  
  162028b9e93bb4718427304a96767880da7094c99ae6145e61a562f09dae0ce6726b2dfac95782990f50fa9bfc9f82b1aacb9e7b12442094137872fa8a3f3379
- SSDEEP
  
  98304:yM1SkPCVk8rOmgYcGrr69gRQTI6xmiiLuSESStOAco7Xk:yM1SkPCVkIgcWAQ06xniLuSExR
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral9
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
- Size
  
  8.7MB
- MD5
  
  3fe7b88a9ba6c5acee4faae760642b78
- SHA1
  
  bae245bc98c516604838c6ce5a233f066de44a50
- SHA256
  
  6fe6808b9cfe654f526108ec61cb5211bb6601d28e192cadf06102073b54f69c
- SHA512
  
  02abc8d4fe280306a9ac6a25d28cf174a8d51a43d98b6837bc129701d8c0ab486eebaeef11062b58c455627d4de7c8782b3828aa02891fe439ca1ca617038f95
- SSDEEP
  
  98304:g4K0/V2eKEDj+VK61qXXiQqwMwUa/f0OstejSUVv7Xk:g4K0/V2eKM+D4SQbMwX/f0Oskz
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral10
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
- Size
  
  8.7MB
- MD5
  
  d4e533f9c11b5cc9e755d94c1315553a
- SHA1
  
  9e15020cd2688b537bae18e5f291ee8cbe9a85e7
- SHA256
  
  7745b070943e910e8807e3521ac7b7a01401d131bf6c18a63433f8177ed539a6
- SHA512
  
  149226355b2e5c3fac403289b5e66bd4164a7aee76d8dc8f1d698c509db7a081bad9d4172cc950bb0e6e6909e0073d551dcde82cbeaaf61a9c1b02c9ba48fb38
- SSDEEP
  
  98304:H27or8Dynb9c4EHv9/fW/NQXPvTCaedQuMBiHAUU4C7Xk:H27or8DyO4UnwQfvTCXdQuMoUj
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral11
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
- Size
  
  8.7MB
- MD5
  
  b2e0eede7b18253dccd0d44ebb5db85a
- SHA1
  
  ee5db9590090efd5549e1c17ec1ee956ef1ed3d1
- SHA256
  
  7f18e5b5b7645a80a0d44adf3fecdafcbf937bfe30a4cfb965a1421e034996dd
- SHA512
  
  5608fe7bde5072de7c98bacfe7beb928e6073be87c0fbccd8075c808d9a7c642abe254f6eb620d627f5324e35821fc9b41a31970264abcc472adfbe2c214a9fe
- SSDEEP
  
  98304:zbc+G4RTwJg0GTvmF3D4cQ1XmkPF0ihOehaOE3Ok7Xk:zbc+G4RTwJGOzfQYkPGihOekj
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral12
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
- Size
  
  8.7MB
- MD5
  
  100bff2f4ee4d88b005bb016daa04fe6
- SHA1
  
  36e5f8f70890601aa2adaffb203afd06516097f0
- SHA256
  
  90b61cc77bb2d726219fd00ae2d0ecdf6f0fe7078529e87b7ec8e603008232d5
- SHA512
  
  a1cb52bc6edaa7f8bb216d2a5f3deb0b8468c64b43931ef570c05e6a9872c63f00aff50d69686fdc2ea25d3d83da4bf9d78f5e6910643163570d0bd6279c6e16
- SSDEEP
  
  98304:wRINZeR9Zy031d3eDi2dZQT3/S1GVlOre53ziKZ7Xk:wRINZeR9Zx1CFDQD/SQVlOrKr
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral13
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
- Size
  
  8.6MB
- MD5
  
  4842d5cc29c97aa611fba5ca07b060a5
- SHA1
  
  f93772038406f28fa4ca1cfb23349193562414b2
- SHA256
  
  9384b9e39334479194aacb53cb25ace289b6afe2e41bdc8619b2d2cae966b948
- SHA512
  
  cf1cb3f0291f3e0c3b47ff3ee9074b624e2d9781f9637d14ede0628ebb4b8b0fe13e16583f6a933a3e20872ec084dc812237f021757efe2a6d527a0a1723b5c8
- SSDEEP
  
  98304:JcZJWD3qZL7I9lysBfU9OWQcIImfWoezuA+dTlwO0Fz7Xk:JcZJWTqZLGlHsHQl3fNezuAI5g
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral14
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
- Size
  
  8.7MB
- MD5
  
  c947363b50231882723bd6b07bc291ca
- SHA1
  
  7b9a425f09da9be5dda5facff18c5fd15eed253a
- SHA256
  
  985ffee662969825146d1b465d068ea4f5f01990d13827511415fd497cf9db86
- SHA512
  
  45f511f6fe78bba853789f85549c8ac591b7812e2fc969a13148bbd1112fa356f6a1ee88a22a907e7f62ef79a0d14d75681eecd2a17f027d105afd381f161184
- SSDEEP
  
  98304:vM6uc5LRC1PApsX8mygFiQS8Mi0e6oIOPxOGdG20t7Xk:vM6uc5LRCepmPEQXMir6oIOPoCM
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral15
- Target
  
  The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
- Size
  
  8.7MB
- MD5
  
  aa55272ad8db954381a8eab889f087cf
- SHA1
  
  d7df26bf57530c0475247b0f3335e5d19d9cb30d
- SHA256
  
  d1e82d4a37959a9e6b661e31b8c8c6d2813c93ac92508a2771b2491b04ea2485
- SHA512
  
  5590c039eb50708fe8fe417a5b5adf1d9019db0590dee119d0907bb588114bcbeb980c5ec7f3f77e85aefcbba76c1560e8b81069434ef5774ca60b1e28dbac20
- SSDEEP
  
  98304:WjLz0rgRnuINVhcBSTDQaQqfViO7tauT8Xu4RM7Xk:WjLz0rgRXVzP5QkViitauT8Y
Score

8^/10

antivm defense_evasion discovery persistence privilege_escalation
- Adds new SSH keys
  Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
  persistence privilege_escalation
- Deletes itself
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Virtualization/Sandbox Evasion: Time Based Evasion
  Adversaries may detect and evade virtualized environments and sandboxes.
  defense_evasion
behavioral16
- Target
  
  The-MALWARE-Repo-master/Email-Worm/Amus.exe
- Size
  
  50KB
- MD5
  
  47abd68080eee0ea1b95ae31968a3069
- SHA1
  
  ffbdf4b2224b92bd78779a7c5ac366ccb007c14d
- SHA256
  
  b5fc4fd50e4ba69f0c8c8e5c402813c107c605cab659960ac31b3c8356c4e0ec
- SHA512
  
  c9dfabffe582b29e810db8866f8997af1bd3339fa30e79575377bde970fcad3e3b6e9036b3a88d0c5f4fa3545eea8904d9faabf00142d5775ea5508adcd4dc0a
- SSDEEP
  
  768:/9NC1eO7wvsgyjgLCtKbqvYGjaESiKMH6BJJE+XqYq7wvefY:/9NC1eOMFyjt2/wDrcq/Mveg
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  The-MALWARE-Repo-master/Email-Worm/Anap.a.exe
- Size
  
  16KB
- MD5
  
  0231c3a7d92ead1bad77819d5bda939d
- SHA1
  
  683523ae4b60ac43d62cac5dad05fd8b5b8b8ae0
- SHA256
  
  da1798c0a49b991fbda674f02007b0a3be4703e2b07ee540539db7e5bf983278
- SHA512
  
  e34af2a1bd8f17ddc994671db37b29728e933e62eded7aff93ab0194a813103cad9dba522388f9f67ba839196fb6ed54ce87e1bebcfd98957feb40b726a7e0c6
- SSDEEP
  
  192:nC34zPAmm2VkeyLffMhyyuyeYHOGFeDK6P6t6:U6oj7LLffMI/jqBo
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  The-MALWARE-Repo-master/Email-Worm/Axam.a.exe
- Size
  
  11KB
- MD5
  
  0fbf8022619ba56c545b20d172bf3b87
- SHA1
  
  752e5ce51f0cf9192b8fa1d28a7663b46e3577ff
- SHA256
  
  4ae7d63ec497143c2acde1ba79f1d9eed80086a420b6f0a07b1e2917da0a6c74
- SHA512
  
  e8d44147609d04a1a158066d89b739c00b507c8ff208dac72fdc2a42702d336c057ae4b77c305f4ccdfe089665913098d84a3160a834aaebe41f95f4b4bfddeb
- SSDEEP
  
  192:33K8Vn5fAIBkPA9tQdEnhAv+mKqh1RwE9gCOMv8eIry2aZoa5qq/:33X54IB8SCY2W3qmSgaIrTDSqq/
Score

7^/10

discovery persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral21 behavioral22
- Target
  
  The-MALWARE-Repo-master/Email-Worm/Brontok.exe
- Size
  
  106KB
- MD5
  
  d7506150617460e34645025f1ca2c74b
- SHA1
  
  5e7d5daf73a72473795d591f831e8a2054947668
- SHA256
  
  941ebf1dc12321bbe430994a55f6e22a1b83cea2fa7d281484ea2dab06353112
- SHA512
  
  69e0bd07a8bdbfe066593cdd81acd530b3d12b21e637c1af511b8fee447831b8d822065c5a74a477fe6590962ceff8d64d83ae9c41efd930636921d4d6567f6f
- SSDEEP
  
  768:i9R/zAKUQfZw7j4KBHZD8f5R3ETmv48Xxh04UwQaMzl6G1gNov35BMC:0AcwPf5D8rUTmnX9maQ6SgM5
Score

10^/10

discovery evasion persistence
- Modifies WinLogon for persistence
  persistence
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Disables RegEdit via registry modification
  evasion
- Disables cmd.exe use via registry modification
  evasion
- Drops file in Drivers directory
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral23 behavioral24
- Target
  
  The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html
- Size
  
  12KB
- MD5
  
  bb7b91d1685db89b58ac01a72921e632
- SHA1
  
  4a1dd457983a7f1bbc7943eb5fca3da6d93d4176
- SHA256
  
  940a563df059604ac0dc6a92a845da2f04236b86887208b89969b70c6781c3f8
- SHA512
  
  09e26d197b22a4553e2e87a9ee0957700766c2dcd11157b5b71744d67abfa30d71d45c7bf1081bf9337527e3b8aabde99b09bd2bd30aa302329ebf480078307e
- SSDEEP
  
  192:W1VoVk8X2TrWAXaR06qVoVk8X2TrWAXaR06LV:Giui2TSw6qiui2TSw6LV
Score

3^/10

discovery
behavioral25 behavioral26
- Target
  
  The-MALWARE-Repo-master/Email-Worm/Bugsoft.exe
- Size
  
  32KB
- MD5
  
  70f549ae7fafc425a4c5447293f04fdb
- SHA1
  
  af4b0ed0e0212aced62d40b24ad6861dbfd67b61
- SHA256
  
  96425ae53a5517b9f47e30f6b41fdc883831039e1faba02fe28b2d5f3efcdc29
- SHA512
  
  3f83e9e6d5bc080fb5c797617078aff9bc66efcd2ffac091a97255911c64995a2d83b5e93296f7a57ff3713d92952b30a06fc38cd574c5fe58f008593040b7f0
- SSDEEP
  
  384:/TELevJlARz3z1AWoYbEz3QqRbViB3CoUEmeQo/o2Y0gsjDWK7L:/gLevJlARz3z1AWoYbEz3Ngk6WK7L
Score

4^/10

discovery
behavioral27 behavioral28
- Target
  
  The-MALWARE-Repo-master/Email-Worm/Duksten.exe
- Size
  
  9KB
- MD5
  
  900ebff3e658825f828ab95b30fad2e7
- SHA1
  
  7451f9aee3c4abc6ea6710dc83c3239a7c07173b
- SHA256
  
  caec6e664b3cff5717dd2efea8dcd8715abdcfe7f611456be7009771f22a8f50
- SHA512
  
  e325f3511722eee0658cfcf4ce30806279de322a22a89129a8883a630388ab326955923fa6228946440894bd2ef56d3e6dfda3973ea16cc6e463d058dd6e25ce
- SSDEEP
  
  192:SwPplT5bFhtWHIBAfU2Du6jWuo/TOvZQZPAb:dp3jsH+V2Du66V/TOx84b
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral29 behavioral30
- Target
  
  The-MALWARE-Repo-master/Email-Worm/Emin.js
- Size
  
  2KB
- MD5
  
  d9fd66a813b647e9461e654ba80db7bc
- SHA1
  
  075344db68a3b4bb3f549c0cb79c672aaed70b87
- SHA256
  
  3db96ebba9a6875bb058a3a2a4457165103f8ed51183cf4d79a525c959602499
- SHA512
  
  55eafa2716d45a629aadb1422dd240609faa9f55c7ec4488569e6fb15298a586b7ed5a95060329e76dd4b272edce8954ea18be5f238d4cac70fbf59a391bb09f
Score

3^/10

execution
behavioral31 behavioral32